Skip to content

Geo Enrichment

Overview

Use Geo Enrichment to automatically add IP-based geographical information to your logs. This data is added as new fields, making it available for querying, visualization, and reporting. Some of the fields included are country, city, continent, postal_code, and location geo_point.

Getting started

  1. Navigate to the Data Flow menu, click on Data Enrichment and scroll to the Geo Enrichment section. In this section, you can specify which fields in your logs contain the IP addresses you want to enrich with geographical information.
  2. Click on Add ASN Information to also add ASN (Autonomous System Number) information about the networks or organizations that manage the IP addresses.

Note

  • If you want to add ASN information to a key that contains only Geo enrichment, remove it from the list, click on Add ASN Information, and select it from the list again.
  • If you don't have your IP fields set, or your data isn't JSON-formatted, you can use Coralogix's Rules Engine to extract the IP addresses found in your log records using the "Extract" or "Parse" rules
  • Geo enrichment data won’t be added if the enrichment DB does not contain the queried IP.

Once you define the IP field, Coralogix will add geographical information to the logs based on the selected fields. The fields in the example below were added in the enrichment process and include ASN information as well.

{
    "clientIp_geoip": {
        "ip": "147.237.70.107",
        "ip_ipaddr": "147.237.70.107",
        "location_geopoint":{,
            "lat": "32.0668",
            "lon": "34.7649"
        }
        "asn": {
            "number": 12400,
            "organization": "Partner Communications Ltd."
        }
        "continent_name": "Asia",
        "country_name": "Israel",
        "city_name": "Tel Aviv",
        "postal_code": "null"
    }
}

You can see that the object clientIp_geoip was added to the log. It includes geographical information based on the IP address found in the IP field. These added fields can now be queried and used to generate visualizations and alerts.

Previous Previous Custom Enrichment
Next Lookup Tables Next
Home
User Guides User Guides
DataPrime DataPrime
Integrations Integrations
OpenTelemetry OpenTelemetry
Developer Portal Developer Portal